Cross Site Scripting (XSS) Basic to Advance Tutorial - Part 1


** STRICTLY ONLY FOR EDUCATIONAL PURPOSE **

Hello Visitors today i'm going to introduce new things about XSS (Cross Site Scripting) But This Article will Cover All the Major Tricks and also all the Basic Tricks 
Let's Begin the Hacking .. ;)) Please Don't Abuse Only for Educational Purpose 




Below Headings will be covered Under XSS :-


Part -1 


1. What is XSS?
2. Types Of XSS
3. Finding XSS Vulnerabilities.
4. The Basics On XSS .
5. Deface Methods.



Part -2 


6. Cookie Stealing.
7. Filtration Bypassing.


---------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>>>>>>>>>


1.What Is Cross Site Scripting (XSS)?


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of --Copyrights for greenhathacker.blogspot.com)--- all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.


In My Language 

‘XSS’ also known as ‘CSS’ (Cross Site Scripting, Easily confused with ‘Cascading Style Sheets’) is a very common vulnerbility found in Web Applications. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to Inject client side script into webpagesviewed by other users.

2.Types of XSS.




a . Non-persistent



b. Persistent



c. Traditional versus DOM-based vulnerabilities



3. Finding XSS Vulnerabilities




To find xss vul site you have to search in google with google dork . you can start checking out

Blogs, Forums, Shoutboxes, Comment Boxes, Search Box’s and many things.
--Copyrights for greenhathacker.blogspot.com)---


To find xss vul site you have to search in google with google dork . you can start checking out
Blogs, Forums, Shoutboxes, Comment Boxes, Search Box’s and many things.


If you don’t have XSS dorks thn you can goto this link :-
Code:


After that search in google
Click On Image to Large View 

4. The Basic Of Xss




SO you saw in above Content that we found our XSS target . Now in this Content we are going to Inject our XSS Script .Lets Start Injecting .




Now Inject Our Xss Script :-
Code:

<script>alert(“XSS”)</script>



Click On Image to Large View 


SO as you can see in above pic that we doesn’t Find anything inthat site. But you dn have to worry . We have another way to find xss vul .

You can try injecting HTML Inputs 

You can put this two strings to inject html


Code:



<h1>anything you want</h1>
<br><br><b><u>any thing you want</u></b>



Testing URL

http://www.poscope.com/search.php?q=



Click On Image to Large View

5. Deface Method .




SO i Hope ,now you understand how XSS works, we can explain some simple XSS deface methods. There are many defacing methods i will show you some simple and best method .

Now Inject this .
Code:

<img src=http://http://1.bp.blogspot.com/--NHs3S0jObs/TpvqEAWPBDI/AAAAAAAAAcQ/YmPPKLluCQ0/s760/green+hat+hacker.PNG></img>

Output will be like Below Image 



Click On Image to Large View



Ok it helps to make your picture big so it stands out and its clear the site got hacked.

Another method is using FLASH videos(.swf format files), its the same has the method below but a little more stylish deface.

Code:
<EMBED SRC=”http://site.com/xss.swf“

that will execute the flash video linked to it.


Now a popup or a redirection

Code:
<script>window.open( “http://greenhathacker.blogspot.com” )</script>


Meet You On Next Part of this Article ! If you Like our Articles Just Follow Me on Twitter (http://twitter.com/gazblotz) or Like Us on Facebook (http://facebook.com/hackingcourse)


No comments:

Post a Comment

Any Doubts ??
Don't wait till last Breath just Leave a Comment Below ;)

Hacking Articles for Free...